Merge branch '2.5.x' into cc-5709-airtime-analyzer
Conflicts: airtime_mvc/application/controllers/PluploadController.php airtime_mvc/application/views/scripts/plupload/index.phtml
c4692cc0d7
33 changed files with 1807 additions and 1149 deletions
|
@ -193,7 +193,8 @@ class Bootstrap extends Zend_Application_Bootstrap_Bootstrap
|
|||
{
|
||||
$front = Zend_Controller_Front::getInstance();
|
||||
$router = $front->getRouter();
|
||||
|
||||
$front->setBaseUrl(Application_Common_OsPath::getBaseDir());
|
||||
|
||||
$router->addRoute(
|
||||
'password-change',
|
||||
new Zend_Controller_Router_Route('password-change/:user_id/:token', array(
|
||||
|
|
|
@ -65,8 +65,10 @@ class Application_Common_OsPath{
|
|||
}
|
||||
|
||||
public static function getBaseDir() {
|
||||
$baseUrl = dirname($_SERVER['SCRIPT_NAME']);
|
||||
|
||||
|
||||
$CC_CONFIG = Config::getConfig();
|
||||
$baseUrl = $CC_CONFIG['baseDir'];
|
||||
|
||||
if ($baseUrl[0] != "/") {
|
||||
$baseUrl = "/".$baseUrl;
|
||||
}
|
||||
|
@ -74,7 +76,8 @@ class Application_Common_OsPath{
|
|||
if ($baseUrl[strlen($baseUrl) -1] != "/") {
|
||||
$baseUrl = $baseUrl."/";
|
||||
}
|
||||
|
||||
|
||||
|
||||
return $baseUrl;
|
||||
}
|
||||
}
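Review bot: `$baseUrl[0]` in `if ($baseUrl[0] != "/")` reads a string offset that does not exist when the configured `baseDir` is empty, and `$CC_CONFIG['baseDir']` is itself an undefined-index notice when the key is missing; the `strlen($baseUrl) -1` offset in the second hunk has the same problem on an empty string. Guard the config read before the slash checks: `$baseUrl = isset($CC_CONFIG['baseDir']) ? $CC_CONFIG['baseDir'] : '';` followed by `if ($baseUrl === '') { return '/'; }`. The Bootstrap and LocaleController hunks now call this to derive their base URL, so an unset baseDir would otherwise produce a malformed prefix with only a notice in the log rather than a visible failure; a clear fallback (or an exception) is worth the two lines.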
|
||||
|
|
|
@ -12,12 +12,11 @@ class LocaleController extends Zend_Controller_Action
|
|||
$this->_helper->viewRenderer->setNoRender(true);
|
||||
header("Content-type: text/javascript");
|
||||
|
||||
$baseUrl = Application_Common_OsPath::getBaseDir();
|
||||
$locale = Application_Model_Preference::GetLocale();
|
||||
echo "var datatables_dict =" .
|
||||
file_get_contents(Application_Common_OsPath::join(
|
||||
dirname(__file__),
|
||||
"../../public/js/datatables/i18n/",
|
||||
$_SERVER["DOCUMENT_ROOT"],
|
||||
"js/datatables/i18n/",
|
||||
$locale.".txt")
|
||||
);
|
||||
}
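Review bot: The `file_get_contents` result is echoed unchecked; when the dictionary file is missing it returns false and the response becomes `var datatables_dict =` with nothing after it, a JavaScript syntax error on every page that loads this script. Capture the result first: `$dict = file_get_contents(...); echo "var datatables_dict =" . ($dict === false ? '{}' : $dict);`. `$locale` also ends up in a filesystem path; it comes from the stored preference rather than the request here, but checking it against the keys of Application_Model_Locale before building the path would make that not depend on how the preference was written. `$baseUrl` is assigned but not used within the hunk; if nothing below uses it, drop the line. The enclosing action begins before this hunk.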
|
||||
|
|
|
@ -56,6 +56,8 @@ class LoginController extends Zend_Controller_Action
|
|||
|
||||
$result = $auth->authenticate($authAdapter);
|
||||
if ($result->isValid()) {
|
||||
// Regenerate session id on login to prevent session fixation.
|
||||
Zend_Session::regenerateId();
|
||||
//all info about this user from the login table omit only the password
|
||||
$userInfo = $authAdapter->getResultRowObject(null, 'password');
|
||||
|
||||
|
|
|
@ -30,6 +30,33 @@ class PluploadController extends Zend_Controller_Action
|
|||
if (Application_Model_Systemstatus::isDiskOverQuota()) {
|
||||
$this->view->quotaLimitReached = true;
|
||||
}
|
||||
|
||||
$csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
|
||||
$csrf_namespace->setExpirationSeconds(5*60*60);
|
||||
$csrf_namespace->authtoken = sha1(uniqid(rand(),1));
|
||||
|
||||
$csrf_element = new Zend_Form_Element_Hidden('csrf');
|
||||
$csrf_element->setValue($csrf_namespace->authtoken)->setRequired('true')->removeDecorator('HtmlTag')->removeDecorator('Label');
|
||||
$csrf_form = new Zend_Form();
|
||||
$csrf_form->addElement($csrf_element);
|
||||
$this->view->form = $csrf_form;
|
||||
}
|
||||
|
||||
public function uploadAction()
|
||||
{
|
||||
$current_namespace = new Zend_Session_Namespace('csrf_namespace');
|
||||
$observed_csrf_token = $this->_getParam('csrf_token');
|
||||
$expected_csrf_token = $current_namespace->authtoken;
|
||||
|
||||
if($observed_csrf_token == $expected_csrf_token){
|
||||
$upload_dir = ini_get("upload_tmp_dir") . DIRECTORY_SEPARATOR . "plupload";
|
||||
$tempFilePath = Application_Model_StoredFile::uploadFile($upload_dir);
|
||||
$tempFileName = basename($tempFilePath);
|
||||
|
||||
$this->_helper->json->sendJson(array("jsonrpc" => "2.0", "tempfilepath" => $tempFileName));
|
||||
}else{
|
||||
$this->_helper->json->sendJson(array("jsonrpc" => "2.0", "valid" => false, "error" => "CSRF token did not match."));
|
||||
}
|
||||
}
|
||||
|
||||
public function recentUploadsAction()
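Review bot: The check `if($observed_csrf_token == $expected_csrf_token){` passes when both sides are null — `_getParam('csrf_token')` returns null for a missing parameter and `$current_namespace->authtoken` is null once the five-hour namespace has expired or indexAction was never rendered in this session — and the loose `==` also compares numerically-shaped hex strings as numbers; replace it with `if (isset($expected_csrf_token) && is_string($observed_csrf_token) && hash_equals($expected_csrf_token, $observed_csrf_token)) {` (or `===` after the isset check on PHP older than 5.6). The token itself comes from `sha1(uniqid(rand(),1))`, which is not a cryptographic source; `bin2hex(openssl_random_pseudo_bytes(20))` yields an unpredictable value of the same shape. Note also that the hidden element is named `csrf` while the action reads `csrf_token`, which only works if the upload script maps the field name, something outside this hunk. The start of indexAction is before this hunk.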
|
||||
|
|
|
@ -201,6 +201,10 @@ class PreferenceController extends Zend_Controller_Action
|
|||
$num_of_stream = intval(Application_Model_Preference::GetNumOfStreams());
|
||||
$form = new Application_Form_StreamSetting();
|
||||
|
||||
$form->addElement('hash', 'csrf', array(
|
||||
'salt' => 'unique'
|
||||
));
|
||||
|
||||
$form->setSetting($setting);
|
||||
$form->startFrom();
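Review bot: The `hash` element added here, and the identical ones in the AddUser, EditUser, Login and Preferences form hunks, all use the element name `csrf` with salt `unique`; as far as I recall Zend_Form_Element_Hash keys its session storage on exactly those two values, so every form shares one session slot and rendering any of them overwrites the token the others were issued with (a settings page left open in one tab fails validation after a different form is rendered elsewhere). Give each form its own salt, e.g. `'salt' => 'stream_setting_csrf'` here and a distinct value in each of the other forms. The element's default timeout is 300 seconds, which is short for a long settings form; an explicit `'timeout' => 3600` (or whatever the session lifetime is) avoids spurious validation failures on slow edits.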
|
||||
|
||||
|
|
|
@ -21,6 +21,10 @@ class Application_Form_AddUser extends Zend_Form
|
|||
$hidden->setDecorators(array('ViewHelper'));
|
||||
$this->addElement($hidden);
|
||||
|
||||
$this->addElement('hash', 'csrf', array(
|
||||
'salt' => 'unique'
|
||||
));
|
||||
|
||||
$login = new Zend_Form_Element_Text('login');
|
||||
$login->setLabel(_('Username:'));
|
||||
$login->setAttrib('class', 'input_text');
|
||||
|
|
|
@ -22,6 +22,10 @@ class Application_Form_EditUser extends Zend_Form
|
|||
$this->setDecorators(array(
|
||||
array('ViewScript', array('viewScript' => 'form/edit-user.phtml', "currentUser" => $currentUser->getLogin()))));
|
||||
$this->setAttrib('id', 'current-user-form');
|
||||
|
||||
$this->addElement('hash', 'csrf', array(
|
||||
'salt' => 'unique'
|
||||
));
|
||||
|
||||
$hidden = new Zend_Form_Element_Hidden('cu_user_id');
|
||||
$hidden->setDecorators(array('ViewHelper'));
|
||||
|
|
|
@ -10,6 +10,10 @@ class Application_Form_Login extends Zend_Form
|
|||
// Set the method for the display form to POST
|
||||
$this->setMethod('post');
|
||||
|
||||
$this->addElement('hash', 'csrf', array(
|
||||
'salt' => 'unique'
|
||||
));
|
||||
|
||||
$this->setDecorators(array(
|
||||
array('ViewScript', array('viewScript' => 'form/login.phtml'))
|
||||
));
|
||||
|
|
|
@ -15,6 +15,14 @@ class Application_Form_Preferences extends Zend_Form
|
|||
));
|
||||
|
||||
$general_pref = new Application_Form_GeneralPreferences();
|
||||
|
||||
$this->addElement('hash', 'csrf', array(
|
||||
'salt' => 'unique',
|
||||
'decorators' => array(
|
||||
'ViewHelper'
|
||||
)
|
||||
));
|
||||
|
||||
$this->addSubForm($general_pref, 'preferences_general');
|
||||
|
||||
$email_pref = new Application_Form_EmailServerPreferences();
|
||||
|
|
|
@ -15,7 +15,7 @@ class Application_Model_Locale
|
|||
"hr_HR" => "Hrvatski",
|
||||
"hu_HU" => "Magyar",
|
||||
"it_IT" => "Italiano",
|
||||
//"ja" => "日本語",
|
||||
"ja_JP" => "日本語",
|
||||
"ko_KR" => "한국어",
|
||||
"pl_PL" => "Polski",
|
||||
"pt_BR" => "Português (Brasil)",
|
||||
|
|
|
@ -183,6 +183,9 @@ class Application_Service_SchedulerService
|
|||
->limit(1)
|
||||
->findOne();
|
||||
|
||||
if (is_null($showInstanceWithMostRecentSchedule)) {
|
||||
return null;
|
||||
}
|
||||
$instanceId = $showInstanceWithMostRecentSchedule->getDbId();
|
||||
}
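Review bot: The new early return makes the enclosing method return null on a path that previously always had a show instance to read `getDbId()` from; callers that pass the result straight into a query or arithmetic need to handle that, and the method's docblock should say so, e.g. `@return int|null the instance id, or null when no scheduled instance exists`. The enclosing method starts before this hunk, so I cannot see whether its existing callers already check for null.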
|
||||
|
||||
|
|
|
@ -157,6 +157,9 @@
|
|||
</ul>
|
||||
<?php endif; ?>
|
||||
</dd>
|
||||
|
||||
<?php echo $this->element->getElement('csrf') ?>
|
||||
|
||||
<button type="submit" id="cu_save_user" class="btn btn-small right-floated"><?php echo _("Save")?></button>
|
||||
</dl>
|
||||
</form>
|
||||
|
|
|
@ -27,6 +27,8 @@
|
|||
<dd id="locale-element">
|
||||
<?php echo $this->element->getElement('locale') ?>
|
||||
</dd>
|
||||
|
||||
<?php echo $this->element->getElement('csrf') ?>
|
||||
|
||||
<?php if (Application_Model_Preference::GetEnableSystemEmail()): ?>
|
||||
<dt id="reset-label" class="hidden"> </dt>
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
<form method="<?php echo $this->element->getMethod() ?>" enctype="multipart/form-data">
|
||||
|
||||
<?php echo $this->element->getElement('csrf') ?>
|
||||
<?php echo $this->element->getSubform('preferences_general') ?>
|
||||
|
||||
<h3 class="collapsible-header" id="email-server-heading"><span class="arrow-icon"></span><?php echo _("Email / Mail Server Settings"); ?></h3>
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
#plupload_files input[type="file"] {
|
||||
font-size: 200px !important;
|
||||
}
|
||||
<<<<<<< HEAD
|
||||
</style>
|
||||
<?php if ($this->quotaLimitReached) { ?>
|
||||
<div class="errors quota-reached">
|
||||
|
@ -11,7 +12,8 @@
|
|||
}
|
||||
?>
|
||||
<form id="plupload_form" <?php if ($this->quotaLimitReached) { ?> class="hidden" <?php } ?>>
|
||||
<div id="plupload_files"></div>
|
||||
<?php echo $this->form->getElement('csrf') ?>
|
||||
<div id="plupload_files"></div>
|
||||
</form>
|
||||
<div id="plupload_error">
|
||||
<table></table>
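Review bot: A merge conflict marker `<<<<<<< HEAD` is left in the template just before `</style>`; it is sent to the browser as page text, and any matching `=======`/`>>>>>>>` lines further down the file (outside this hunk) would bring the other side's markup in as well. Remove the marker and keep one side of the conflict. In the second hunk `<div id="plupload_files"></div>` appears both before and after the csrf echo; if both survive the merge the page carries a duplicate id, so keep a single one.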
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
<?php if($this->enable_stream_conf == "true"){?>
|
||||
<form method="post" id="stream_form" enctype="application/x-www-form-urlencoded">
|
||||
<button name="stream_save" id="stream_save" type="button" class="btn btn-small right-floated"><?php echo _("Save") ?></button>
|
||||
<?php echo $this->form->getElement('csrf') ?>
|
||||
<div style="clear:both"></div>
|
||||
<?php }?>
|
||||
<?php echo $this->statusMsg;?>
|
||||
|
|